Posted to dev@jspwiki.apache.org by Juan Pablo Santos Rodríguez <ju...@gmail.com> on 2019/08/20 20:23:04 UTC

removal of deprecated code

Hi,

as part of the ongoing path towards 2.11.0, last push removed all
@Deprecated code on master with two exceptions:

- AbstractLoginModule: there are several Collection<Principal> annotated
with deprecated: m_previousWikiPrincipals, m_principalsToRemove and
m_principalsToOverwrite. Those collections are meant to be filled in by
classes extending AbstractLoginModule, and are used/removed/overwritten
on final methods on AbstractLoginModule. None of the classes extending
AbstractLoginModule bundled on JSPWiki make use of them, so that's
probably why they're marked with @Deprecated, but I was wondering whether
they might be useful for custom 3rd party implementations.

- AbstractUserDatabase: it contains a getOldHash method (dating from JSPWiki <
2.8) which gets the SHA-1 hash for a given text. It is retained for
backwards compatibility, as old versions of JSPWiki stored this hash;
nowadays, if this hash is found then the original text is hashed with
getHash (in the same class) and the new value is then stored. Given that
removing this method may not be easy for older installations, I thought of
keeping it. Also, the getHash method is getting the SHA-1 (salted) hash, so
I'm wondering if we should keep both methods for backwards compatibility
and store a SHA-512 by default.

Does it make sense to remove any of them, WDYT?


best regards,
juan pablo

Re: removal of deprecated code

Posted by Juan Pablo Santos Rodríguez <ju...@gmail.com>.
Hi,

giving it a second thought, I'll proceed with removing the collections on
AbstractLoginModule, they're not really used anywhere besides that class.

As for the getOldHash method on AbstractUserDatabase, I'd most probably
make it (package-)private and remove the @Deprecated annotation. It's
probably not used anywhere by now but, as we should move from SHA-1 (and
getHash) to something stronger by default, it doesn't matter that much to
keep the getOldHash method. Perhaps we'll get rid of it later on (2.12
scope, f.ex)?


best regards,
juan pablo



On Tue, Aug 20, 2019 at 10:23 PM Juan Pablo Santos Rodríguez <
juanpablo.santos@gmail.com> wrote:

> Hi,
>
> as part of the ongoing path towards 2.11.0, last push removed all
> @Deprecated code on master with two exceptions:
>
> - AbstractLoginModule: there are several Collection<Principal> annotated
> with deprecated: m_previousWikiPrincipals, m_principalsToRemove and
> m_principalsToOverwrite. Those collections are meant to be filled in by
> classes extending AbstractLoginModule, and are used/removed/overwritten
> on final methods on AbstractLoginModule. None of the classes extending
> AbstractLoginModule bundled on JSPWiki make use of them, so that's
> probably why they're marked with @Deprecated, but I was wondering whether
> they might be useful for custom 3rd party implementations.
>
> - AbstractUserDatabase: it contains a getOldHash method (dating from JSPWiki <
> 2.8) which gets the SHA-1 hash for a given text. It is retained for
> backwards compatibility, as old versions of JSPWiki stored this hash;
> nowadays, if this hash is found then the original text is hashed with
> getHash (in the same class) and the new value is then stored. Given that
> removing this method may not be easy for older installations, I thought of
> keeping it. Also, the getHash method is getting the SHA-1 (salted) hash, so
> I'm wondering if we should keep both methods for backwards compatibility
> and store a SHA-512 by default.
>
> Does it make sense to remove any of them, WDYT?
>
>
> best regards,
> juan pablo
>
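
The upgrade-on-login flow discussed in this thread (a legacy SHA-1 record is verified, then re-hashed and stored with a stronger default), as an added example that is not JSPWiki's code and not part of the original messages. The class name, the in-memory store, the `{SSHA512}` tag and both record formats are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class HashUpgradeExample {
    static final String NEW_PREFIX = "{SSHA512}";              // hypothetical scheme tag
    static final Map<String, String> store = new HashMap<>();  // stands in for the user database

    static byte[] digest(String alg, byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance(alg);
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    // Legacy record (assumed format): lowercase hex of unsalted SHA-1.
    static String oldHash(String pw) throws Exception {
        byte[] d = digest("SHA-1", pw.getBytes(StandardCharsets.UTF_8));
        return String.format("%040x", new java.math.BigInteger(1, d));
    }

    // New record (assumed format): tag + base64(salt || SHA-512(salt || password)).
    static String newHash(String pw, byte[] salt) throws Exception {
        byte[] d = digest("SHA-512", salt, pw.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(salt, salt.length + d.length);
        System.arraycopy(d, 0, out, salt.length, d.length);
        return NEW_PREFIX + Base64.getEncoder().encodeToString(out);
    }

    static boolean same(String a, String b) {  // constant-time comparison
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    static boolean login(String user, String pw) throws Exception {
        String stored = store.get(user);
        if (stored == null) return false;
        if (stored.startsWith(NEW_PREFIX)) {   // already upgraded: reuse the stored 16-byte salt
            byte[] raw = Base64.getDecoder().decode(stored.substring(NEW_PREFIX.length()));
            return same(stored, newHash(pw, Arrays.copyOf(raw, 16)));
        }
        if (!same(stored, oldHash(pw))) return false;  // wrong password: legacy record stays as is
        byte[] salt = new byte[16];            // legacy hash matched: the plaintext is available only now
        new SecureRandom().nextBytes(salt);
        store.put(user, newHash(pw, salt));    // re-hash and persist the stronger value
        return true;
    }

    public static void main(String[] args) throws Exception {
        store.put("alice", oldHash("s3cret")); // constructed legacy record
        System.out.println(login("alice", "wrong") + " " + login("alice", "s3cret") + " "
            + store.get("alice").startsWith(NEW_PREFIX) + " " + login("alice", "s3cret"));
    }
}
```

Salted SHA-512 is used because the thread proposes it; a slow password KDF such as PBKDF2 fits at the same place in `newHash`. Accounts that never log in again keep their legacy record, which is why the old verification path has to stay until those records are gone.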